OllyDebugger How to use Find Sequence of commands with wildcard 32bit registers

Question

Lets say I want to find all the

MOV EAX, 1234h
MOV WORD PTR[EBP+ADDR], AX

But it won't be always EAX or EBP+ADDR

How do I wildcard search like

MOV ???, 1234h
MOV WORD PTR[???+ADDR], ??

I tried

MOV ANY, 1234h
MOV WORD PTR[ANY+ADDR], ANY

MOV ?, 1234h
MOV WORD PTR[ANY+ADDR], ?

MOV r32, 1234h
MOV WORD PTR[r32+ADDR], r16

None of these patterns compile in Ollydebugger how do I do this? (I would like to avoid scripts for such a easy task.

This one below compiles and works,

MOV r32, 0x1234

but how do I combine it with

MOV WORD PTR[r32+ADDR], r16

Answer 1

ollydbg 1.10 right click Search For All Sequences wildcard MOV R32 , CONST

result from calc.exe xp sp3 32 bit vm

Found sequences
Address                    Disassembly                            Comment
01001004 <&ADVAPI32.RegQu  DD      ADVAPI32.RegQueryValueExA      (Initial CPU selection)
010019E5                   MOV     EDI, OFFSET calc.ghnoParNum    01014C08=OFFSET calc.ghnoParNum
010019EF                   MOV     EDI, OFFSET calc.ghnoPrecNum   01014C70=OFFSET calc.ghnoPrecNum
01001A6B                   MOV     EBX, calc.010012A0             UNICODE "intl"
01001D51                   MOV     ESI, 130
01001DDF                   MOV     EAX, OFFSET calc.szBlank       01014DA4=OFFSET calc.szBlank
01001DE6                   MOV     EAX, calc.01001264             UNICODE " M"
01001F51 calc.WinMain      MOV     EAX, calc.010128EE             10128EE=calc.010128EE
01001FED                   MOV     ESI, 400
010020A2                   MOV     EAX, calc.010020A8             010020A8=calc.010020A8
010020D5                   MOV     EAX, 80000000
0100210A                   MOV     EDI, OFFSET calc.szAppName     UNICODE "SciCalc"

combined wild card

MOV WORD PTR [R32+CONST] , R16

Found sequences
Address        Disassembly                                     Comment
01001F6E       MOV     WORD PTR SS:[EBP-FC], BX
01002234       MOV     WORD PTR DS:[EAX+EDX*2+14], DI
0100230D       MOV     WORD PTR DS:[ESI+EAX*2+14], DI
0100231C       MOV     WORD PTR DS:[ESI+EAX*2+A4], DI
01002358       MOV     WORD PTR SS:[EBP+EDI*2-108], AX
01002376       MOV     WORD PTR SS:[EBP+EDI*2-108], AX
01002470       MOV     WORD PTR DS:[ECX+EAX*2+C], BX
010024AF       MOV     WORD PTR DS:[ECX+ESI*2+C], BX
0100251D       MOV     WORD PTR DS:[EAX+ECX*2+14], DX
010025AA       MOV     WORD PTR DS:[ECX+EAX*2+14], DX
0100404D       MOV     WORD PTR SS:[EBP+EAX*2-74], BX
010056E0       MOV     WORD PTR SS:[EBP+8], AX
010056F4       MOV     WORD PTR SS:[EBP+A], BX
01012475 calc  PUSH    70                              (Initial CPU selection)

edit to address comment

you dont need the WORD ptr simply doing
mov [R32+CONST] ,R16
will fetch the same results
ollydbg implicitly knows R!6 means word ptr instead of R16
if you provide r32 ollydbg will decode it as DWORD PTR

Found sequences, item 1
 Address=010017E7
 Disassembly=MOV     DWORD PTR SS:[EBP-2C], ESI

provide mov [CONST} , R8 and you get back all BYTE PTR Sequences

Found sequences, item 1
 Address=0100AC75
 Disassembly=MOV     BYTE PTR DS:[ftrueinfinite], BL

Answer 2

Nevermind this don't work right.. it has to find the constant in both areas for it to find the WORD PTR.. and that's not the case.

I solved it differently don't really need Sequence of commands,

All Constants works nearly the same (just more stuff to look though and it's all sorted so I would see the WORD PTR right under it if it's what i'm looking for.